Tests improvements

.github/actions/smoke-tests/action.yaml

@@ -88,7 +88,7 @@ runs:
         --service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
         --html=tests-${{ steps.k8s.outputs.cluster }}.html \
         --self-contained-html \
-        --show-ic-logs=yes --profile \
+        --show-ic-logs=yes --profile -vv -l \
         -m ${{ inputs.marker != '' && inputs.marker || '""' }}
       working-directory: ./tests
       shell: bash

examples/appprotect/syslog.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: syslog
-          image: balabit/syslog-ng:3.28.1
+          image: balabit/syslog-ng:3.31.2-buster
           ports:
             - containerPort: 514
             - containerPort: 601
@@ -29,4 +29,4 @@ spec:
       targetPort: 514
       protocol: TCP
   selector:
-    app: syslog
+    app: syslog

examples/custom-resources/basic-tcp-udp/dns.yaml

@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: coredns
-        image: coredns/coredns:1.6.7
+        image: coredns/coredns:1.8.6
         args: [ "-conf", "/etc/coredns/Corefile" ]
         volumeMounts:
         - name: config-volume
@@ -51,10 +51,10 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: coredns 
+  name: coredns
 spec:
   selector:
-   app: coredns 
+   app: coredns
   ports:
   - name: dns
     port: 5353

examples/custom-resources/oidc/keycloak.yaml

@@ -31,7 +31,7 @@ spec:
     spec:
       containers:
       - name: keycloak
-        image: quay.io/keycloak/keycloak:12.0.1
+        image: quay.io/keycloak/keycloak:15.0.2
         env:
         - name: KEYCLOAK_USER
           value: "admin"

examples/custom-resources/waf/syslog.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: syslog
-          image: balabit/syslog-ng:3.28.1
+          image: balabit/syslog-ng:3.31.2-buster
           ports:
             - containerPort: 514
             - containerPort: 601
@@ -29,4 +29,4 @@ spec:
       targetPort: 514
       protocol: TCP
   selector:
-    app: syslog
+    app: syslog

examples/tcp-udp/dns.yaml

@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: coredns
-        image: coredns/coredns:1.2.0
+        image: coredns/coredns:1.8.6
         args: [ "-conf", "/etc/coredns/Corefile" ]
         volumeMounts:
         - name: config-volume
@@ -57,10 +57,10 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: coredns 
+  name: coredns
 spec:
   selector:
-   app: coredns 
+   app: coredns
   ports:
   - name: dns
     port: 53
@@ -76,7 +76,7 @@ metadata:
 spec:
   clusterIP: None
   selector:
-   app: coredns 
+   app: coredns
   ports:
   - name: dns
     port: 53

perf-tests/README.md

@@ -43,7 +43,7 @@ The table below shows various configuration options for the performance tests. U
 | `--image` | The Ingress Controller image. | `nginx/nginx-ingress:edge` |
 | `--image-pull-policy` | The pull policy of the Ingress Controller image. | `IfNotPresent` |
 | `--deployment-type` | The type of the IC deployment: deployment or daemon-set. | `deployment` |
-| `--ic-type` | The type of the Ingress Controller: nginx-ingress or nginx-ingress-plus. | `nginx-ingress` |
+| `--ic-type` | The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress. | `nginx-ingress` |
 | `--service` | The type of the Ingress Controller service: nodeport or loadbalancer. | `nodeport` |
 | `--node-ip` | The public IP of a cluster node. Not required if you use the loadbalancer service (see --service argument). | `""` |
 | `--kubeconfig` | An absolute path to a kubeconfig file. | `~/.kube/config` or the value of the `KUBECONFIG` env variable |

perf-tests/conftest.py

@@ -1,19 +1,19 @@
 """Describe overall framework configuration."""
 
-import os
-import pytest
-import sys
-
-sys.path.insert(0, "../tests")
-from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION
+from suite.resources_utils import get_first_pod_name
 from settings import (
     DEFAULT_IMAGE,
     DEFAULT_PULL_POLICY,
     DEFAULT_IC_TYPE,
     DEFAULT_SERVICE,
     DEFAULT_DEPLOYMENT_TYPE,
 )
-from suite.resources_utils import get_first_pod_name
+from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION
+import os
+import pytest
+import sys
+
+sys.path.insert(0, "../tests")
 
 
 def pytest_addoption(parser) -> None:
@@ -44,7 +44,7 @@ def pytest_addoption(parser) -> None:
         "--ic-type",
         action="store",
         default=DEFAULT_IC_TYPE,
-        help="The type of the Ingress Controller: nginx-ingress or nginx-ingress-plus.",
+        help="The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress.",
     )
     parser.addoption(
         "--service",
@@ -97,17 +97,20 @@ def pytest_collection_modifyitems(config, items) -> None:
     :return:
     """
     if config.getoption("--ic-type") == "nginx-ingress":
-        skip_for_nginx_oss = pytest.mark.skip(reason="Skip a test for Nginx OSS")
+        skip_for_nginx_oss = pytest.mark.skip(
+            reason="Skip a test for Nginx OSS")
         for item in items:
             if "skip_for_nginx_oss" in item.keywords:
                 item.add_marker(skip_for_nginx_oss)
     if config.getoption("--ic-type") == "nginx-plus-ingress":
-        skip_for_nginx_plus = pytest.mark.skip(reason="Skip a test for Nginx Plus")
+        skip_for_nginx_plus = pytest.mark.skip(
+            reason="Skip a test for Nginx Plus")
         for item in items:
             if "skip_for_nginx_plus" in item.keywords:
                 item.add_marker(skip_for_nginx_plus)
     if "-ap" not in config.getoption("--image"):
-        appprotect = pytest.mark.skip(reason="Skip AppProtect test in non-AP image")
+        appprotect = pytest.mark.skip(
+            reason="Skip AppProtect test in non-AP image")
         for item in items:
             if "appprotect" in item.keywords:
                 item.add_marker(appprotect)
@@ -131,7 +134,9 @@ def pytest_runtest_makereport(item) -> None:
     # we only look at actual failing test calls, not setup/teardown
     if rep.when == "call" and rep.failed and item.config.getoption("--show-ic-logs") == "yes":
         pod_namespace = item.funcargs["ingress_controller_prerequisites"].namespace
-        pod_name = get_first_pod_name(item.funcargs["kube_apis"].v1, pod_namespace)
+        pod_name = get_first_pod_name(
+            item.funcargs["kube_apis"].v1, pod_namespace)
         print("\n===================== IC Logs Start =====================")
-        print(item.funcargs["kube_apis"].v1.read_namespaced_pod_log(pod_name, pod_namespace))
+        print(item.funcargs["kube_apis"].v1.read_namespaced_pod_log(
+            pod_name, pod_namespace))
         print("\n===================== IC Logs End =====================")

tests/.flake8

@@ -1,5 +1,5 @@
 [flake8]
 format = pylint
 max-complexity = 10
-max-line-length = 100
+max-line-length = 120
 exclude = .git,__pycache__,data,.idea.pytest_cache

tests/README.md

@@ -8,7 +8,7 @@ Below you will find the instructions on how to run the tests against a Minikube
 
 ### Prerequisites:
 
-* Minikube. 
+* Minikube.
 * Python3 or Docker.
 
 #### Step 1 - Create a Minikube Cluster
@@ -18,7 +18,7 @@ $ minikube start
 ```
 
 #### Step 2 - Run the Tests
- 
+
 **Note**: if you have the Ingress Controller deployed in the cluster, please uninstall it first, making sure to remove its namespace and RBAC resources.
 
 Run the tests:
@@ -46,7 +46,7 @@ The tests will use the Ingress Controller for NGINX with the default *nginx/ngin
 #### Step 1 - Create a Kind Cluster
 
 ```bash
-$ make create-kind-cluster 
+$ make create-kind-cluster
 ```
 
 #### Step 2 - Run the Tests
@@ -72,7 +72,7 @@ The table below shows various configuration options for the tests. If you use Py
 | `--image` | `BUILD_IMAGE` | The Ingress Controller image. | `nginx/nginx-ingress:edge` |
 | `--image-pull-policy` | `PULL_POLICY` | The pull policy of the Ingress Controller image. | `IfNotPresent` |
 | `--deployment-type` | `DEPLOYMENT_TYPE` | The type of the IC deployment: deployment or daemon-set. | `deployment` |
-| `--ic-type` | `IC_TYPE` | The type of the Ingress Controller: nginx-ingress or nginx-ingress-plus. | `nginx-ingress` |
+| `--ic-type` | `IC_TYPE` | The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress. | `nginx-ingress` |
 | `--service` | `SERVICE`, not supported by `run-tests-in-kind` target.  | The type of the Ingress Controller service: nodeport or loadbalancer. | `nodeport` |
 | `--node-ip` | `NODE_IP`, not supported by `run-tests-in-kind` target.  | The public IP of a cluster node. Not required if you use the loadbalancer service (see --service argument). | `""` |
 | `--kubeconfig` | `N/A` | An absolute path to a kubeconfig file. | `~/.kube/config` or the value of the `KUBECONFIG` env variable |
@@ -85,4 +85,4 @@ If you would like to use an IDE (such as PyCharm) to run the tests, use the [pyt
 Tests are marked with custom markers. The markers allow to logically split all the tests into smaller groups. The full list can be found in the [pytest.ini](pytest.ini) file or via command line:
 ```bash
 $ python3 -m pytest --markers
-```
+```

tests/conftest.py

@@ -1,19 +1,12 @@
 """Describe overall framework configuration."""
 
 import os
-import pytest
 
+import pytest
 from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION
-from settings import (
-    DEFAULT_IMAGE,
-    DEFAULT_PULL_POLICY,
-    DEFAULT_IC_TYPE,
-    DEFAULT_SERVICE,
-    DEFAULT_DEPLOYMENT_TYPE,
-    NUM_REPLICAS,
-    BATCH_START,
-    BATCH_RESOURCES,
-)
+from settings import (BATCH_RESOURCES, BATCH_START, DEFAULT_DEPLOYMENT_TYPE,
+                      DEFAULT_IC_TYPE, DEFAULT_IMAGE, DEFAULT_PULL_POLICY,
+                      DEFAULT_SERVICE, NUM_REPLICAS)
 from suite.resources_utils import get_first_pod_name
 
 
@@ -51,7 +44,7 @@ def pytest_addoption(parser) -> None:
         "--ic-type",
         action="store",
         default=DEFAULT_IC_TYPE,
-        help="The type of the Ingress Controller: nginx-ingress or nginx-ingress-plus.",
+        help="The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress.",
     )
     parser.addoption(
         "--service",
@@ -124,7 +117,7 @@ def pytest_collection_modifyitems(config, items) -> None:
         for item in items:
             if "appprotect" in item.keywords:
                 item.add_marker(appprotect)
-    if  str(config.getoption("--batch-start")) != "True":
+    if str(config.getoption("--batch-start")) != "True":
         batch_start = pytest.mark.skip(reason="Skipping pod restart test with multiple resources")
         for item in items:
             if "batch_start" in item.keywords:

tests/data/ap-waf/syslog.yaml

@@ -14,10 +14,18 @@ spec:
     spec:
       containers:
         - name: syslog
-          image: balabit/syslog-ng:3.28.1
+          image: balabit/syslog-ng:3.31.2-buster
           ports:
             - containerPort: 514
             - containerPort: 601
+          volumeMounts:
+          - name: config-volume
+            mountPath: /etc/syslog-ng/syslog-ng.conf
+            subPath: syslog-ng.conf
+      volumes:
+        - name: config-volume
+          configMap:
+            name: syslog-config
 ---
 apiVersion: v1
 kind: Service
@@ -29,4 +37,34 @@ spec:
       targetPort: 514
       protocol: TCP
   selector:
-    app: syslog
+    app: syslog
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: syslog-config
+data:
+  syslog-ng.conf: |-
+    @version: 3.29
+    @include "scl.conf"
+
+    source s_local {
+      internal();
+    };
+
+    source s_network {
+      default-network-drivers(
+        max_connections(300)
+      );
+    };
+
+    destination d_local {
+      file("/var/log/messages");
+      file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
+    };
+
+    log {
+      source(s_local);
+      source(s_network);
+      destination(d_local);
+    };